Comparing hosting providers is easier said than done. Providers present their services using the same terms: "99.9% uptime", "24/7 support", "secure servers". The differences are in the details that are not on the product page. This article gives you a concrete checklist to evaluate providers side by side.
The checklist is built around six dimensions: availability, performance, security, management, compliance and costs. For each dimension, there are questions to ask your current or future provider. Not as a formality, but because the answers determine whether the provider fits your situation.
1. Availability and uptime
Every provider claims 99.9% uptime. What that number means in practice:
- 99.9% = max 8.7 hours downtime per year
- 99.95% = max 4.4 hours downtime per year
- 99.99% = max 52 minutes downtime per year
For a business website, 99.9% is acceptable. For an e-commerce site running 24/7, or for business-critical applications, 99.99% is a different standard. But it is not just about the number.
Questions to ask your provider:
- What is the SLA uptime and what downtime is excluded (scheduled maintenance)?
- What is the compensation policy for SLA violations?
- Is there redundancy for network, power and hardware?
- Is there a public status page where I can track incidents?
2. Performance
Speed affects search engine ranking, bounce rate and conversion. A page that loads one second longer has measurable impact on your results. Research from Google shows that a delay from 1 to 3 seconds in load time increases the chance of a visitor bouncing by 32%.
Questions to ask your provider:
- What type of storage? NVMe SSD scores significantly better than SATA SSD or HDD.
- Is a CDN available, or included in the package?
- What web server software: Nginx, Apache, LiteSpeed?
- Are there performance limits per account (CPU throttling, inode limits)?
- How does the environment perform under load (load tests available)?
Uptime in numbers: what does each percentage mean?
Note: scheduled maintenance windows are typically excluded from downtime calculations by most providers
3. Security
Security is where most providers are vague in their communication. "Secure servers" means nothing. Asking specific questions does.
Questions to ask your provider:
- Is there a web application firewall (WAF) active on my environment?
- Are security updates applied automatically?
- Is there isolation between customers on shared infrastructure?
- Are servers scanned for malware and misconfigurations?
- Is there DDoS mitigation? At what level (network, application)?
- What certifications does the datacenter have (ISO 27001, NEN 7510, SOC 2)?
4. Management and support
Management and support are the most subjective factors, yet they are the most decisive for day-to-day operations. A good server with bad support organization is a frustrating combination.
Questions to ask your provider:
- Is there 24/7 phone support, or only during business hours?
- What are the guaranteed response times per priority level?
- Who manages OS updates, patches and monitoring?
- How are backups made, how long are they retained and where are they stored?
- Is a test environment (staging) available?
- What does the onboarding process and migration look like?
Also ask about the exit procedure. How do you export your data if you want to switch? How much time do you have? Are there extra costs? A provider that makes it difficult to leave is a risk you can spot right now.
5. Compliance and data location
For businesses handling personal data, compliance questions are not optional. GDPR sets requirements for how your data is stored and secured.
Questions to ask your provider:
- In which country is the datacenter located?
- Is the provider or its parent company based outside the EU (CLOUD Act)?
- Is a data processing agreement available?
- What sub-processors are there and where are they located?
- Does the datacenter have ISO 27001 or comparable certification?
- How are data breaches reported (Article 33 GDPR: within 72 hours)?
6. Costs: more than the monthly bill
Comparing hosting on price is tempting, but the cheapest option often has hidden costs. These are in setup fees, domain migrations, extra backup storage, support outside business hours, or simply in the time you (or your team) spend on management.
Questions to ask your provider:
- Are there setup or migration costs?
- What does support outside business hours cost?
- Are there costs for extra backup retention or storage?
- What is the contract duration and notice period?
- How do costs scale as you grow?
Scorecard: rate your provider on 6 dimensions
Give each dimension a score of 1-3. Total below 12? Keep looking.
Red flag: when should you walk away?
Sometimes switching is the smart choice. But when is that point reached? These are signals that justify switching:
- More than one unplanned outage per quarter lasting longer than an hour
- Support consistently responds slower than the SLA promise
- The provider runs outdated PHP versions without an upgrade path
- There is no data processing agreement available
- The invoice is higher than agreed and the provider is vague about the reason
- Backups exist, but restores do not work as expected
Switching has a price: time, possible downtime during migration and a learning curve with a new environment. But a provider that consistently falls short has a higher cost in the long run, in time, frustration and risk.
Practical approach: how to use this checklist
Send the questions from this checklist to two or three providers. Evaluate not just the answers, but also the speed and clarity with which they respond. A provider that gives clear answers upfront to difficult questions gives a more realistic picture of how they operate in practice than one who redirects you to their website.
Also ask for a trial period or test environment. Good providers offer this. It gives you the opportunity to measure speed, test support and evaluate whether the environment fits your technical requirements before you migrate.
Hosting is infrastructure. You do not notice it when everything works. But when something goes wrong, everything is affected: your website, your email, your e-commerce, your reputation. The investment in a careful comparison pays off the moment your provider makes the difference.